当前位置: 首页 > 图文教程 > 网络编程 > ASP > javascript asp教程添加和修改

ASP
ASP实例:读取xml文件的程序
asp实现rar压缩和解压缩源代码
关于ASP中脚本执行顺序的讲解
用asp程序读取网站的alexa世界排名
初学ASP编程易犯的一个错误要注意
ASP实现SQL语句日期格式的加减运算
通过启动脚本来感受ASP的力量
ASP SCRIPT: 计数器(使用GrapShot组件)
学以致用 驳“ASP低能论”
ASP分页显示Recordset数据
ASP编程代码:隐藏图片的真实地址
ASP网站Server object error的解决办法
用ASP对网页进行限制性的访问
把网页中的电话号码生成图片的ASP程序
ASP实现文件直接下载
用ASP显示ACCESS数据库的的GIF图象
ASP分页和日期格式化为RFC822格式的办法
实例:ASP与ACCESS链接
ASP程序直接连接MYSQL数据库
ASP连接MSSQL的错误: 拒绝访问

ASP 中的 javascript asp教程添加和修改


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-09-13   浏览: 91 ::
收藏到网摘: n/a

The Connection Execute():

If you want to retrieve data from a database then you have no choice but to use a Recordset. However, for the purposes of adding, updating, and deleting data you don't necessarily have to have a Recordset. It's up to you.

For the purposes of adding, updating and deleting you can avoid the Recordset by using the Execute() method.

Get Started:

Below is the script for Lesson 19.

<%@LANGUAGE="JavaScript"%>
var strConnect="Provider=Microsoft.Jet.OLEDB.4.0; Data Source="
strConnect += Server.MapPath("\\GOP") + "\\datastores\\gop.mdb;"
<!-- METADATA TYPE="typelib"
FILE="C:\Program Files\Common Files\System\ado\msado15.dll" -->
<HTML>
<HEAD>
<TITLE>Administrator Page - Changing the Mailing List</TITLE>
</HEAD>
<BODY LINK="red" VLINK="red" ALINK="crimson">
<H2>Administrator Page</H2>
<H3>Changing a the Mailing List</H3>
<%
if (Request.Form("Delete") > "")	{	var sql="DELETE FROM Address WHERE ID = " + Request.Form("ID") + ";"	}
else	{	var firstName = new String(Request.Form("firstName"))	var lastName = new String(Request.Form("lastName"))	var Address = new String(Request.Form("Address"))	var City = new String(Request.Form("City"))	var myRegExp = /[']/g;	firstName = firstName.replace(myRegExp, ''');	lastName = lastName.replace(myRegExp, ''');	Address = Address.replace(myRegExp, ''');	City = City.replace(myRegExp, ''');	var sql="UPDATE Address SET firstName= '" + firstName + "' , lastName='"	sql += lastName + "' , Address='" + Address + "' , City='"	sql += City + "' , State='" + Request.Form("State") + "' , Zip='"	sql += Request.Form("Zip") + "' WHERE ID = " + Request.Form("ID") + ";"	}
var objConn=Server.CreateObject("ADODB.Connection");
objConn.Open(strConnect)
objConn.Execute(sql)
objConn.Close()
objConn = null;
Response.Write("The member has been updated in the database.")
Response.Write("<A HREF=\"../files/committee.asp\">")
Response.Write("Click here to see it.</A>")
%>

There's no link to see this one in action. I did that for security reasons. I just want to point out a few highlights.

Danger in The Single Quote:

You'll notice that I replace single quote marks with the HTML encoded equivalent. I did that using the following code.

var myRegExp = /[']/g;
firstName = firstName.replace(myRegExp, ''');

The single quote is the only character you cannot input into a database using an ASP application. Everything else is fair game. DO NOT accept any text from users into your database without replacing all single quotes. To use an analogy, the single quote is like a key that opens up your entire database. Hackers will tear your application to shreds if you let someone input single quotes.

Execute( ):

The only other thing I want to spend any time with is objConn.Execute(sql). The variable sql takes on one of two definitions depending on the result of an "if" statement. In this case sql does all the work, and we never need a recordset.